Auto-Update: 2023-09-20T14:00:25.508157+00:00

cad-safe-bot 2023-09-20 14:00:29 +00:00
parent ed23ccd934
commit 7e6c07883e
32 changed files with 1872 additions and 152 deletions


@ -0,0 +1,55 @@
{
"id": "CVE-2022-45448",
"sourceIdentifier": "cve-coordination@incibe.es",
"published": "2023-09-20T13:15:11.180",
"lastModified": "2023-09-20T13:15:11.180",
"vulnStatus": "Received",
"descriptions": [
{
"lang": "en",
"value": "M4 PDF plugin for Prestashop sites, in its 3.2.3 version and before, is vulnerable to an arbitrary HTML Document crafting vulnerability. The resource /m4pdf/pdf.php uses templates to dynamically create documents. In the case that the template does not exist, the application will return a fixed document with a message in mpdf format. An attacker could exploit this vulnerability by inputting a valid HTML/CSS document as the value of the parameter."
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "cve-coordination@incibe.es",
"type": "Secondary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:N/I:L/A:N",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "LOW",
"userInteraction": "REQUIRED",
"scope": "UNCHANGED",
"confidentialityImpact": "NONE",
"integrityImpact": "LOW",
"availabilityImpact": "NONE",
"baseScore": 3.5,
"baseSeverity": "LOW"
},
"exploitabilityScore": 2.1,
"impactScore": 1.4
}
]
},
"weaknesses": [
{
"source": "cve-coordination@incibe.es",
"type": "Secondary",
"description": [
{
"lang": "en",
"value": "CWE-79"
}
]
}
],
"references": [
{
"url": "https://www.incibe.es/en/incibe-cert/notices/aviso/multiple-vulnerabilities-m4-pdf-plugin-prestashop-sites",
"source": "cve-coordination@incibe.es"
}
]
}


@ -0,0 +1,55 @@
{
"id": "CVE-2023-0829",
"sourceIdentifier": "cve-coordination@incibe.es",
"published": "2023-09-20T13:15:11.547",
"lastModified": "2023-09-20T13:15:11.547",
"vulnStatus": "Received",
"descriptions": [
{
"lang": "en",
"value": "Plesk 17.0 through 18.0.31 version, is vulnerable to a Cross-Site Scripting. A malicious subscription owner (either a customer or an additional user), can fully compromise the server if an administrator visits a certain page in Plesk related to the malicious subscription."
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "cve-coordination@incibe.es",
"type": "Secondary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "LOW",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"availabilityImpact": "HIGH",
"baseScore": 8.8,
"baseSeverity": "HIGH"
},
"exploitabilityScore": 2.8,
"impactScore": 5.9
}
]
},
"weaknesses": [
{
"source": "cve-coordination@incibe.es",
"type": "Secondary",
"description": [
{
"lang": "en",
"value": "CWE-79"
}
]
}
],
"references": [
{
"url": "https://www.incibe.es/en/incibe-cert/notices/aviso/cross-site-scripting-xss-vulnerability-plesk",
"source": "cve-coordination@incibe.es"
}
]
}
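Review bot: The CVSS data in this new record (`UI:N`, `"userInteraction": "NONE"`) does not match its own description, which says the server is compromised only if an administrator visits a page related to the malicious subscription. That reads as a user-interaction precondition, so the 8.8 base score should be treated as the CNA's `Secondary` rating and re-checked once a `Primary` metric is added. The record is mirrored data, so the mismatch is better flagged by consumers than edited here.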


@ -2,8 +2,8 @@
"id": "CVE-2023-3025",
"sourceIdentifier": "security@wordfence.com",
"published": "2023-09-16T09:15:07.447",
"lastModified": "2023-09-17T12:00:56.393",
"vulnStatus": "Awaiting Analysis",
"lastModified": "2023-09-20T13:24:06.947",
"vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
@ -50,14 +50,38 @@
]
}
],
"configurations": [
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:hynotech:dropbox_folder_share:*:*:*:*:*:wordpress:*:*",
"versionEndIncluding": "1.9.7",
"matchCriteriaId": "6E579DB2-9551-4253-889A-60B2BCF77075"
}
]
}
]
}
],
"references": [
{
"url": "https://plugins.trac.wordpress.org/browser/dropbox-folder-share/trunk/HynoTech/DropboxFolderShare/Principal.php#L118",
"source": "security@wordfence.com"
"source": "security@wordfence.com",
"tags": [
"Patch"
]
},
{
"url": "https://www.wordfence.com/threat-intel/vulnerabilities/id/d62bd2bd-db01-479f-89e4-8031d69a912f?source=cve",
"source": "security@wordfence.com"
"source": "security@wordfence.com",
"tags": [
"Third Party Advisory"
]
}
]
}
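Review bot: The `Patch` tag added to the first reference sits on a URL that points at a line of `Principal.php` in the plugin's `trunk` browser view, not at a changeset. Trunk moves over time, so the link may no longer show the fix, and tooling that reads a `Patch`-tagged reference as proof that a fix exists could be misled. The `"versionEndIncluding": "1.9.7"` bound in the new `cpeMatch` entry is the more dependable signal for remediation checks.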


@ -2,16 +2,40 @@
"id": "CVE-2023-32611",
"sourceIdentifier": "secalert@redhat.com",
"published": "2023-09-14T20:15:09.550",
"lastModified": "2023-09-15T00:31:20.767",
"vulnStatus": "Awaiting Analysis",
"lastModified": "2023-09-20T13:46:09.607",
"vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
"value": "A flaw was found in GLib. GVariant deserialization is vulnerable to a slowdown issue where a crafted GVariant can cause excessive processing, leading to denial of service."
},
{
"lang": "es",
"value": "Se encontr\u00f3 una falla en GLib. La deserializaci\u00f3n de GVariant es vulnerable a un problema de desaceleraci\u00f3n en el que un GVariant manipulado puede provocar un procesamiento excesivo y provocar una denegaci\u00f3n de servicio."
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H",
"attackVector": "LOCAL",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "REQUIRED",
"scope": "UNCHANGED",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"availabilityImpact": "HIGH",
"baseScore": 5.5,
"baseSeverity": "MEDIUM"
},
"exploitabilityScore": 1.8,
"impactScore": 3.6
},
{
"source": "secalert@redhat.com",
"type": "Secondary",
@ -34,18 +58,58 @@
}
]
},
"weaknesses": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-400"
}
]
}
],
"configurations": [
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:gnome:glib:*:*:*:*:*:*:*:*",
"versionEndExcluding": "2.74.2",
"matchCriteriaId": "75A30FA8-F2FB-4637-9EBB-5F2F8D057180"
}
]
}
]
}
],
"references": [
{
"url": "https://access.redhat.com/security/cve/CVE-2023-32611",
"source": "secalert@redhat.com"
"source": "secalert@redhat.com",
"tags": [
"Third Party Advisory"
]
},
{
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2211829",
"source": "secalert@redhat.com"
"source": "secalert@redhat.com",
"tags": [
"Issue Tracking",
"Third Party Advisory"
]
},
{
"url": "https://gitlab.gnome.org/GNOME/glib/-/issues/2797",
"source": "secalert@redhat.com"
"source": "secalert@redhat.com",
"tags": [
"Vendor Advisory"
]
}
]
}


@ -0,0 +1,43 @@
{
"id": "CVE-2023-3341",
"sourceIdentifier": "security-officer@isc.org",
"published": "2023-09-20T13:15:11.770",
"lastModified": "2023-09-20T13:15:11.770",
"vulnStatus": "Received",
"descriptions": [
{
"lang": "en",
"value": "The code that processes control channel messages sent to `named` calls certain functions recursively during packet parsing. Recursion depth is only limited by the maximum accepted packet size; depending on the environment, this may cause the packet-parsing code to run out of available stack memory, causing `named` to terminate unexpectedly. Since each incoming control channel message is fully parsed before its contents are authenticated, exploiting this flaw does not require the attacker to hold a valid RNDC key; only network access to the control channel's configured TCP port is necessary.\nThis issue affects BIND 9 versions 9.2.0 through 9.16.43, 9.18.0 through 9.18.18, 9.19.0 through 9.19.16, 9.9.3-S1 through 9.16.43-S1, and 9.18.0-S1 through 9.18.18-S1."
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "security-officer@isc.org",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH"
},
"exploitabilityScore": 3.9,
"impactScore": 3.6
}
]
},
"references": [
{
"url": "https://kb.isc.org/docs/cve-2023-3341",
"source": "security-officer@isc.org"
}
]
}
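Review bot: This new record has no `weaknesses` array (the object goes from `metrics` straight to `references`), and the same holds for the CVE-2023-4236 record added later in this commit, while the other new records carry one. Consumers that index or filter by CWE should treat the key as optional, otherwise both BIND 9 entries drop out of CWE-based views until the records are enriched. The description also states that control channel messages are parsed before they are authenticated, so network exposure of the control channel's TCP port is the thing to check when triaging this entry.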


@ -2,27 +2,95 @@
"id": "CVE-2023-39612",
"sourceIdentifier": "cve@mitre.org",
"published": "2023-09-16T01:15:07.397",
"lastModified": "2023-09-17T12:01:04.570",
"vulnStatus": "Awaiting Analysis",
"lastModified": "2023-09-20T13:16:36.457",
"vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
"value": "A cross-site scripting (XSS) vulnerability in FileBrowser before v2.23.0 allows an authenticated attacker to escalate privileges to Administrator via user interaction with a crafted HTML file or URL."
},
{
"lang": "es",
"value": "Una vulnerabilidad de Cross-Site Scripting (XSS) en FileBrowser anterior a v2.23.0 permite a un atacante autenticado escalar privilegios a Administrador a trav\u00e9s de la interacci\u00f3n del usuario con un archivo HTML o URL manipulada."
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:H/I:H/A:H",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "LOW",
"userInteraction": "REQUIRED",
"scope": "CHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"availabilityImpact": "HIGH",
"baseScore": 9.0,
"baseSeverity": "CRITICAL"
},
"exploitabilityScore": 2.3,
"impactScore": 6.0
}
]
},
"weaknesses": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-79"
}
]
}
],
"configurations": [
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:filebrowser:filebrowser:*:*:*:*:*:*:*:*",
"versionEndExcluding": "2.23.0",
"matchCriteriaId": "B368F96D-05ED-446B-BA42-68FC7F8A2269"
}
]
}
]
}
],
"metrics": {},
"references": [
{
"url": "https://febin0x4e4a.wordpress.com/2023/09/15/xss-in-filebrowser-leads-to-admin-account-takeover-in-filebrowser/",
"source": "cve@mitre.org"
"source": "cve@mitre.org",
"tags": [
"Exploit",
"Third Party Advisory"
]
},
{
"url": "https://github.com/filebrowser/filebrowser/commit/b508ac3d4f7f0f75d6b49c99bdc661a6d2173f30",
"source": "cve@mitre.org"
"source": "cve@mitre.org",
"tags": [
"Patch"
]
},
{
"url": "https://github.com/filebrowser/filebrowser/issues/2570",
"source": "cve@mitre.org"
"source": "cve@mitre.org",
"tags": [
"Exploit",
"Issue Tracking"
]
}
]
}


@ -2,27 +2,110 @@
"id": "CVE-2023-39638",
"sourceIdentifier": "cve@mitre.org",
"published": "2023-09-14T22:15:08.350",
"lastModified": "2023-09-15T00:31:20.767",
"vulnStatus": "Awaiting Analysis",
"lastModified": "2023-09-20T13:31:28.290",
"vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
"value": "D-LINK DIR-859 A1 1.05 and A1 1.06B01 Beta01 was discovered to contain a command injection vulnerability via the lxmldbc_system function at /htdocs/cgibin."
},
{
"lang": "es",
"value": "Se descubri\u00f3 que D-LINK DIR-859 A1 1.05 y A1 1.06B01 Beta01 contiene una vulnerabilidad de inyecci\u00f3n de comandos a trav\u00e9s de la funci\u00f3n lxmldbc_system en /htdocs/cgibin."
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"availabilityImpact": "HIGH",
"baseScore": 9.8,
"baseSeverity": "CRITICAL"
},
"exploitabilityScore": 3.9,
"impactScore": 5.9
}
]
},
"weaknesses": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-77"
}
]
}
],
"configurations": [
{
"operator": "AND",
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:o:dlink:dir-859_a1_firmware:1.05:*:*:*:*:*:*:*",
"matchCriteriaId": "3945ADB1-283C-4F18-8416-04FFACFF116A"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:o:dlink:dir-859_a1_firmware:1.06:beta01:*:*:*:*:*:*",
"matchCriteriaId": "84C37435-6257-441A-8A92-F2F8F04299B9"
}
]
},
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": false,
"criteria": "cpe:2.3:h:dlink:dir-859_a1:-:*:*:*:*:*:*:*",
"matchCriteriaId": "A24427F3-E984-4750-A6E2-91D420DED3C6"
}
]
}
]
}
],
"metrics": {},
"references": [
{
"url": "http://www.dlink.com.cn/techsupport/ProductInfo.aspx?m=DIR-859",
"source": "cve@mitre.org"
"source": "cve@mitre.org",
"tags": [
"Product"
]
},
{
"url": "https://github.com/mmmmmx1/dlink/blob/main/dir-859/readme.md",
"source": "cve@mitre.org"
"source": "cve@mitre.org",
"tags": [
"Exploit",
"Third Party Advisory"
]
},
{
"url": "https://www.dlink.com/en/security-bulletin/",
"source": "cve@mitre.org"
"source": "cve@mitre.org",
"tags": [
"Product"
]
}
]
}


@ -2,23 +2,88 @@
"id": "CVE-2023-39643",
"sourceIdentifier": "cve@mitre.org",
"published": "2023-09-15T01:15:07.410",
"lastModified": "2023-09-15T12:51:51.373",
"vulnStatus": "Awaiting Analysis",
"lastModified": "2023-09-20T13:08:12.390",
"vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
"value": "Bl Modules xmlfeeds before v3.9.8 was discovered to contain a SQL injection vulnerability via the component SearchApiXml::Xmlfeeds()."
},
{
"lang": "es",
"value": "Se descubri\u00f3 que Bl Modules xmlfeeds anterior a v3.9.8 contiene una vulnerabilidad de inyecci\u00f3n SQL a trav\u00e9s del componente SearchApiXml::Xmlfeeds()."
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"availabilityImpact": "HIGH",
"baseScore": 9.8,
"baseSeverity": "CRITICAL"
},
"exploitabilityScore": 3.9,
"impactScore": 5.9
}
]
},
"weaknesses": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-89"
}
]
}
],
"configurations": [
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:blmodules:xmlfeeds_pro:*:*:*:*:*:prestashop:*:*",
"versionEndExcluding": "3.9.8",
"matchCriteriaId": "6D007393-1397-4C7D-A194-F656027B54BE"
}
]
}
]
}
],
"metrics": {},
"references": [
{
"url": "https://addons.prestashop.com/en/data-import-export/5732-xml-feeds-pro.html",
"source": "cve@mitre.org"
"source": "cve@mitre.org",
"tags": [
"Product"
]
},
{
"url": "https://security.friendsofpresta.org/modules/2023/08/29/xmlfeeds.html",
"source": "cve@mitre.org"
"source": "cve@mitre.org",
"tags": [
"Exploit",
"Patch",
"Third Party Advisory"
]
}
]
}


@ -2,19 +2,80 @@
"id": "CVE-2023-39777",
"sourceIdentifier": "cve@mitre.org",
"published": "2023-09-16T01:15:08.140",
"lastModified": "2023-09-17T12:01:04.570",
"vulnStatus": "Awaiting Analysis",
"lastModified": "2023-09-20T13:20:46.513",
"vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
"value": "A cross-site scripting (XSS) vulnerability in the Admin Control Panel of vBulletin 5.7.5 and 6.0.0 allows attackers to execute arbitrary web scripts or HTML via the /login.php?do=login url parameter."
},
{
"lang": "es",
"value": "Una vulnerabilidad de Cross-Site Scripting (XSS) en el Panel de Control de Administraci\u00f3n de vBulletin 5.7.5 y 6.0.0 permite a los atacantes ejecutar scripts web o HTML de su elecci\u00f3n a trav\u00e9s del par\u00e1metro de URL /login.php?do=login."
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "LOW",
"userInteraction": "REQUIRED",
"scope": "CHANGED",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"availabilityImpact": "NONE",
"baseScore": 5.4,
"baseSeverity": "MEDIUM"
},
"exploitabilityScore": 2.3,
"impactScore": 2.7
}
]
},
"weaknesses": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-79"
}
]
}
],
"configurations": [
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:vbulletin:vbulletin:*:*:*:*:*:*:*:*",
"versionEndIncluding": "6.0.0",
"matchCriteriaId": "AA18AC61-419C-4E8C-A9FB-27880309D114"
}
]
}
]
}
],
"metrics": {},
"references": [
{
"url": "https://gist.github.com/GiongfNef/8fe658dce4c7fcf3a7b4e6387e50141c",
"source": "cve@mitre.org"
"source": "cve@mitre.org",
"tags": [
"Exploit",
"Third Party Advisory"
]
}
]
}
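Review bot: The added `cpeMatch` entry uses a wildcard version with only `"versionEndIncluding": "6.0.0"` and no lower bound, so it matches every vBulletin release up to 6.0.0, while the description names 5.7.5 and 6.0.0 only. Inventory matching on this criterion will therefore flag older installs as well. That may be a deliberately conservative range, but it is wider than what the text states, so findings on versions other than the two named ones should be confirmed against the referenced advisory.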


@ -2,23 +2,86 @@
"id": "CVE-2023-40984",
"sourceIdentifier": "cve@mitre.org",
"published": "2023-09-15T01:15:07.653",
"lastModified": "2023-09-15T12:51:51.373",
"vulnStatus": "Awaiting Analysis",
"lastModified": "2023-09-20T13:08:51.797",
"vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
"value": "A reflected cross-site scripting (XSS) vulnerability in the File Manager function of Webmin v2.100 allows attackers to execute malicious scripts via injecting a crafted payload into the Replace in Results file."
},
{
"lang": "es",
"value": "Una vulnerabilidad de Cross-Site Scripting (XSS) reflejada en la funci\u00f3n Administrador de Archivos de Webmin v2.100 permite a los atacantes ejecutar un script malicioso mediante la inyecci\u00f3n de un payload manipulado en el fichero Reemplazar en Resultados."
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "LOW",
"userInteraction": "REQUIRED",
"scope": "CHANGED",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"availabilityImpact": "NONE",
"baseScore": 5.4,
"baseSeverity": "MEDIUM"
},
"exploitabilityScore": 2.3,
"impactScore": 2.7
}
]
},
"weaknesses": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-79"
}
]
}
],
"configurations": [
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:webmin:webmin:2.100:*:*:*:*:*:*:*",
"matchCriteriaId": "C1B4BC89-37BB-4538-887D-DE2B0930BDED"
}
]
}
]
}
],
"metrics": {},
"references": [
{
"url": "http://webmin.com",
"source": "cve@mitre.org"
"source": "cve@mitre.org",
"tags": [
"Product"
]
},
{
"url": "https://github.com/Vi39/Webmin-2.100/blob/main/CVE-2023-40984",
"source": "cve@mitre.org"
"source": "cve@mitre.org",
"tags": [
"Exploit",
"Third Party Advisory"
]
}
]
}


@ -2,23 +2,86 @@
"id": "CVE-2023-40985",
"sourceIdentifier": "cve@mitre.org",
"published": "2023-09-15T01:15:07.787",
"lastModified": "2023-09-15T12:51:51.373",
"vulnStatus": "Awaiting Analysis",
"lastModified": "2023-09-20T13:10:52.807",
"vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
"value": "An issue was discovered in Webmin 2.100. The File Manager functionality allows an attacker to exploit a Cross-Site Scripting (XSS) vulnerability. By providing a malicious payload, an attacker can inject arbitrary code, which is then executed within the context of the victim's browser when any file is searched/replaced."
},
{
"lang": "es",
"value": "Se descubri\u00f3 un problema en Webmin 2.100. La funcionalidad del Administrador de Archivos permite a un atacante explotar una vulnerabilidad de Cross-Site Scripting (XSS). Al proporcionar un payload malicioso, un atacante puede inyectar c\u00f3digo arbitrario, que luego se ejecuta dentro del contexto del navegador de la v\u00edctima cuando se busca o reemplaza cualquier archivo."
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "LOW",
"userInteraction": "REQUIRED",
"scope": "CHANGED",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"availabilityImpact": "NONE",
"baseScore": 5.4,
"baseSeverity": "MEDIUM"
},
"exploitabilityScore": 2.3,
"impactScore": 2.7
}
]
},
"weaknesses": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-79"
}
]
}
],
"configurations": [
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:webmin:webmin:2.100:*:*:*:*:*:*:*",
"matchCriteriaId": "C1B4BC89-37BB-4538-887D-DE2B0930BDED"
}
]
}
]
}
],
"metrics": {},
"references": [
{
"url": "http://webmin.com",
"source": "cve@mitre.org"
"source": "cve@mitre.org",
"tags": [
"Product"
]
},
{
"url": "https://github.com/Vi39/Webmin-2.100/blob/main/CVE-2023-40985",
"source": "cve@mitre.org"
"source": "cve@mitre.org",
"tags": [
"Exploit",
"Third Party Advisory"
]
}
]
}


@ -2,23 +2,86 @@
"id": "CVE-2023-40986",
"sourceIdentifier": "cve@mitre.org",
"published": "2023-09-15T01:15:07.910",
"lastModified": "2023-09-15T12:51:51.373",
"vulnStatus": "Awaiting Analysis",
"lastModified": "2023-09-20T13:11:09.520",
"vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
"value": "A stored cross-site scripting (XSS) vulnerability in the Usermin Configuration function of Webmin v2.100 allows attackers to execute arbitrary web sripts or HTML via a crafted payload injected into the Custom field."
},
{
"lang": "es",
"value": "Una vulnerabilidad de Stored Cross-Site Scripting (XSS) en la funci\u00f3n de Usermin Configuraci\u00f3n de Webmin v2.100 permite a los atacantes ejecutar scripts web o HTML arbitrarios a trav\u00e9s de un payload manipulado inyectado en el campo Custom."
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "LOW",
"userInteraction": "REQUIRED",
"scope": "CHANGED",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"availabilityImpact": "NONE",
"baseScore": 5.4,
"baseSeverity": "MEDIUM"
},
"exploitabilityScore": 2.3,
"impactScore": 2.7
}
]
},
"weaknesses": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-79"
}
]
}
],
"configurations": [
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:webmin:webmin:2.100:*:*:*:*:*:*:*",
"matchCriteriaId": "C1B4BC89-37BB-4538-887D-DE2B0930BDED"
}
]
}
]
}
],
"metrics": {},
"references": [
{
"url": "http://webmin.com",
"source": "cve@mitre.org"
"source": "cve@mitre.org",
"tags": [
"Product"
]
},
{
"url": "https://github.com/Vi39/Webmin-2.100/blob/main/CVE-2023-40986",
"source": "cve@mitre.org"
"source": "cve@mitre.org",
"tags": [
"Exploit",
"Third Party Advisory"
]
}
]
}


@ -2,8 +2,8 @@
"id": "CVE-2023-41157",
"sourceIdentifier": "cve@mitre.org",
"published": "2023-09-16T06:15:07.627",
"lastModified": "2023-09-17T12:00:56.393",
"vulnStatus": "Awaiting Analysis",
"lastModified": "2023-09-20T13:23:42.447",
"vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
@ -14,15 +14,73 @@
"value": "M\u00faltiples vulnerabilidades de Stored Cross-Site Scripting (XSS) en Usermin 2.000 permiten a atacantes remotos inyectar scripts web o HTML de su elecci\u00f3n a trav\u00e9s del par\u00e1metro de \"nombre de carpeta\" mientras crean la carpeta para administrar la pesta\u00f1a de carpeta, la pesta\u00f1a de filtro y la pesta\u00f1a de reenv\u00edo de correo."
}
],
"metrics": {},
"metrics": {
"cvssMetricV31": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "LOW",
"userInteraction": "REQUIRED",
"scope": "CHANGED",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"availabilityImpact": "NONE",
"baseScore": 5.4,
"baseSeverity": "MEDIUM"
},
"exploitabilityScore": 2.3,
"impactScore": 2.7
}
]
},
"weaknesses": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-79"
}
]
}
],
"configurations": [
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:webmin:usermin:2.000:*:*:*:*:*:*:*",
"matchCriteriaId": "ED13897E-B6FB-4976-9037-2136FDFE1A50"
}
]
}
]
}
],
"references": [
{
"url": "https://github.com/shindeanik/Usermin-2.000/blob/main/CVE-2023-41157",
"source": "cve@mitre.org"
"source": "cve@mitre.org",
"tags": [
"Third Party Advisory"
]
},
{
"url": "https://webmin.com/tags/webmin-changelog/",
"source": "cve@mitre.org"
"source": "cve@mitre.org",
"tags": [
"Release Notes"
]
}
]
}


@ -2,19 +2,79 @@
"id": "CVE-2023-41436",
"sourceIdentifier": "cve@mitre.org",
"published": "2023-09-16T00:15:08.480",
"lastModified": "2023-09-17T12:01:04.570",
"vulnStatus": "Awaiting Analysis",
"lastModified": "2023-09-20T13:14:37.207",
"vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
"value": "Cross Site Scripting vulnerability in CSZCMS v.1.3.0 allows a local attacker to execute arbitrary code via a crafted script to the Additional Meta Tag parameter in the Pages Content Menu component."
},
{
"lang": "es",
"value": "La vulnerabilidad Cross-Site Scripting en CSZCMS v.1.3.0 permite a un atacante local ejecutar c\u00f3digo arbitrario a trav\u00e9s de una script manipulado en el par\u00e1metro Additional Meta Tag en el componente Pages Content Menu."
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "LOW",
"userInteraction": "REQUIRED",
"scope": "CHANGED",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"availabilityImpact": "NONE",
"baseScore": 5.4,
"baseSeverity": "MEDIUM"
},
"exploitabilityScore": 2.3,
"impactScore": 2.7
}
]
},
"weaknesses": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-79"
}
]
}
],
"configurations": [
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:cskaza:cszcms:1.3.0:*:*:*:*:*:*:*",
"matchCriteriaId": "84E1FF54-382F-4529-BA1D-9AD4DCA94A58"
}
]
}
]
}
],
"metrics": {},
"references": [
{
"url": "https://github.com/sromanhu/CSZ-CMS-Stored-XSS---Pages-Content/blob/main/README.md",
"source": "cve@mitre.org"
"source": "cve@mitre.org",
"tags": [
"Exploit",
"Third Party Advisory"
]
}
]
}
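Review bot: The `Primary` metric added here rates the issue `AV:N` with `C:L/I:L/A:N`, while the unchanged English description speaks of "a local attacker" who can "execute arbitrary code". The two disagree on both reachability and impact, so triage rules should key on the structured `attackVector` and impact fields and not on keywords in the description text. Both Spanish and English descriptions carry the same wording, so a text-based filter would misclassify this entry in either language.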


@ -0,0 +1,43 @@
{
"id": "CVE-2023-4236",
"sourceIdentifier": "security-officer@isc.org",
"published": "2023-09-20T13:15:12.313",
"lastModified": "2023-09-20T13:15:12.313",
"vulnStatus": "Received",
"descriptions": [
{
"lang": "en",
"value": "A flaw in the networking code handling DNS-over-TLS queries may cause `named` to terminate unexpectedly due to an assertion failure. This happens when internal data structures are incorrectly reused under significant DNS-over-TLS query load.\nThis issue affects BIND 9 versions 9.18.0 through 9.18.18 and 9.18.11-S1 through 9.18.18-S1."
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "security-officer@isc.org",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH"
},
"exploitabilityScore": 3.9,
"impactScore": 3.6
}
]
},
"references": [
{
"url": "https://kb.isc.org/docs/cve-2023-4236",
"source": "security-officer@isc.org"
}
]
}


@ -0,0 +1,55 @@
{
"id": "CVE-2023-43477",
"sourceIdentifier": "vulnreport@tenable.com",
"published": "2023-09-20T13:15:12.047",
"lastModified": "2023-09-20T13:15:12.047",
"vulnStatus": "Received",
"descriptions": [
{
"lang": "en",
"value": "The ping_from parameter of ping_tracerte.cgi in the web UI of Telstra Smart Modem Gen 2 (Arcadyan LH1000), firmware versions < 0.18.15r, was not properly sanitized before being used in a system call, which could allow an authenticated attacker to achieve command injection as root on the device.\u00a0"
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "vulnreport@tenable.com",
"type": "Secondary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:A/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H",
"attackVector": "ADJACENT_NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "HIGH",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"availabilityImpact": "HIGH",
"baseScore": 6.8,
"baseSeverity": "MEDIUM"
},
"exploitabilityScore": 0.9,
"impactScore": 5.9
}
]
},
"weaknesses": [
{
"source": "vulnreport@tenable.com",
"type": "Secondary",
"description": [
{
"lang": "en",
"value": "CWE-77"
}
]
}
],
"references": [
{
"url": "https://www.tenable.com/security/research/tra-2023-19",
"source": "vulnreport@tenable.com"
}
]
}
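Review bot: The description `value` in this new record ends with an escaped no-break space (`\u00a0`) after the final period. It is invisible when rendered but breaks exact-match comparison, deduplication and hashing of descriptions across feeds, so consumers should normalise whitespace before comparing. The affected range ("firmware versions < 0.18.15r") is present only in that free text, since the record has no `configurations` block yet, so version matching cannot rely on CPE data for this entry.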


@ -2,15 +2,41 @@
"id": "CVE-2023-4977",
"sourceIdentifier": "security@huntr.dev",
"published": "2023-09-15T01:15:08.057",
"lastModified": "2023-09-15T12:51:51.373",
"vulnStatus": "Awaiting Analysis",
"lastModified": "2023-09-20T13:11:56.513",
"vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
"value": " Code Injection in GitHub repository librenms/librenms prior to 23.9.0."
},
{
"lang": "es",
"value": "Inyecci\u00f3n de c\u00f3digo en librenms/librenms del repositorio de GitHub anteriores a 23.9.0."
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:N",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "LOW",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"availabilityImpact": "NONE",
"baseScore": 5.4,
"baseSeverity": "MEDIUM"
},
"exploitabilityScore": 2.8,
"impactScore": 2.5
}
],
"cvssMetricV30": [
{
"source": "security@huntr.dev",
@ -46,14 +72,40 @@
]
}
],
"configurations": [
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:librenms:librenms:*:*:*:*:*:*:*:*",
"versionEndExcluding": "23.9.0",
"matchCriteriaId": "D11631AD-0BBB-4877-B426-D0D036598849"
}
]
}
]
}
],
"references": [
{
"url": "https://github.com/librenms/librenms/commit/1194934d31c795a3f6877a96ffaa34b1f475bdd0",
"source": "security@huntr.dev"
"source": "security@huntr.dev",
"tags": [
"Patch"
]
},
{
"url": "https://huntr.dev/bounties/3db8a1a4-ca2d-45df-be18-a959ebf82fbc",
"source": "security@huntr.dev"
"source": "security@huntr.dev",
"tags": [
"Exploit",
"Patch",
"Third Party Advisory"
]
}
]
}


@ -2,15 +2,41 @@
"id": "CVE-2023-4978",
"sourceIdentifier": "security@huntr.dev",
"published": "2023-09-15T01:15:08.263",
"lastModified": "2023-09-15T12:51:51.373",
"vulnStatus": "Awaiting Analysis",
"lastModified": "2023-09-20T13:12:24.480",
"vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
"value": "Cross-site Scripting (XSS) - DOM in GitHub repository librenms/librenms prior to 23.9.0."
},
{
"lang": "es",
"value": "Cross-Site Scripting (XSS): DOM en librenms/librenms del repositorio de GitHub anteriores a 23.9.0."
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "REQUIRED",
"scope": "CHANGED",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"availabilityImpact": "NONE",
"baseScore": 6.1,
"baseSeverity": "MEDIUM"
},
"exploitabilityScore": 2.8,
"impactScore": 2.7
}
],
"cvssMetricV30": [
{
"source": "security@huntr.dev",
@ -46,14 +72,40 @@
]
}
],
"configurations": [
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:librenms:librenms:*:*:*:*:*:*:*:*",
"versionEndExcluding": "23.9.0",
"matchCriteriaId": "D11631AD-0BBB-4877-B426-D0D036598849"
}
]
}
]
}
],
"references": [
{
"url": "https://github.com/librenms/librenms/commit/e4c46a45364cb944b94abf9b83f0558b2c4c2fb7",
"source": "security@huntr.dev"
"source": "security@huntr.dev",
"tags": [
"Patch"
]
},
{
"url": "https://huntr.dev/bounties/cefd9295-2053-4e6e-a130-7e1f845728f4",
"source": "security@huntr.dev"
"source": "security@huntr.dev",
"tags": [
"Exploit",
"Patch",
"Third Party Advisory"
]
}
]
}


@ -2,15 +2,41 @@
"id": "CVE-2023-4979",
"sourceIdentifier": "security@huntr.dev",
"published": "2023-09-15T01:15:08.460",
"lastModified": "2023-09-15T12:51:51.373",
"vulnStatus": "Awaiting Analysis",
"lastModified": "2023-09-20T13:12:39.107",
"vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
"value": "Cross-site Scripting (XSS) - Reflected in GitHub repository librenms/librenms prior to 23.9.0."
},
{
"lang": "es",
"value": "Cross-Site Scripting (XSS): reflejado en librenms/librenms del repositorio de GitHub anteriores a 23.9.0."
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "LOW",
"userInteraction": "REQUIRED",
"scope": "CHANGED",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"availabilityImpact": "NONE",
"baseScore": 5.4,
"baseSeverity": "MEDIUM"
},
"exploitabilityScore": 2.3,
"impactScore": 2.7
}
],
"cvssMetricV30": [
{
"source": "security@huntr.dev",
@ -46,14 +72,40 @@
]
}
],
"configurations": [
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:librenms:librenms:*:*:*:*:*:*:*:*",
"versionEndExcluding": "23.9.0",
"matchCriteriaId": "D11631AD-0BBB-4877-B426-D0D036598849"
}
]
}
]
}
],
"references": [
{
"url": "https://github.com/librenms/librenms/commit/49d66fa31b43acef02eaa09ee9af15fe7e16cd03",
"source": "security@huntr.dev"
"source": "security@huntr.dev",
"tags": [
"Patch"
]
},
{
"url": "https://huntr.dev/bounties/e67f8f5d-4048-404f-9b86-cb6b8719b77f",
"source": "security@huntr.dev"
"source": "security@huntr.dev",
"tags": [
"Exploit",
"Patch",
"Third Party Advisory"
]
}
]
}


@ -2,8 +2,8 @@
"id": "CVE-2023-4980",
"sourceIdentifier": "security@huntr.dev",
"published": "2023-09-15T01:15:08.623",
"lastModified": "2023-09-15T12:51:51.373",
"vulnStatus": "Awaiting Analysis",
"lastModified": "2023-09-20T13:12:54.970",
"vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
@ -15,6 +15,28 @@
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "LOW",
"userInteraction": "REQUIRED",
"scope": "CHANGED",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"availabilityImpact": "NONE",
"baseScore": 5.4,
"baseSeverity": "MEDIUM"
},
"exploitabilityScore": 2.3,
"impactScore": 2.7
}
],
"cvssMetricV30": [
{
"source": "security@huntr.dev",
@ -50,14 +72,40 @@
]
}
],
"configurations": [
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:librenms:librenms:*:*:*:*:*:*:*:*",
"versionEndExcluding": "23.9.0",
"matchCriteriaId": "D11631AD-0BBB-4877-B426-D0D036598849"
}
]
}
]
}
],
"references": [
{
"url": "https://github.com/librenms/librenms/commit/cfd642be6a1e988453bd63069d17db3664e7de97",
"source": "security@huntr.dev"
"source": "security@huntr.dev",
"tags": [
"Patch"
]
},
{
"url": "https://huntr.dev/bounties/470b9b13-b7fe-4b3f-a186-fdc5dc193976",
"source": "security@huntr.dev"
"source": "security@huntr.dev",
"tags": [
"Exploit",
"Patch",
"Third Party Advisory"
]
}
]
}


@ -2,8 +2,8 @@
"id": "CVE-2023-4981",
"sourceIdentifier": "security@huntr.dev",
"published": "2023-09-15T01:15:08.810",
"lastModified": "2023-09-15T12:51:51.373",
"vulnStatus": "Awaiting Analysis",
"lastModified": "2023-09-20T13:13:02.687",
"vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
@ -15,6 +15,28 @@
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "LOW",
"userInteraction": "REQUIRED",
"scope": "CHANGED",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"availabilityImpact": "NONE",
"baseScore": 5.4,
"baseSeverity": "MEDIUM"
},
"exploitabilityScore": 2.3,
"impactScore": 2.7
}
],
"cvssMetricV30": [
{
"source": "security@huntr.dev",
@ -50,14 +72,40 @@
]
}
],
"configurations": [
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:librenms:librenms:*:*:*:*:*:*:*:*",
"versionEndExcluding": "23.9.0",
"matchCriteriaId": "D11631AD-0BBB-4877-B426-D0D036598849"
}
]
}
]
}
],
"references": [
{
"url": "https://github.com/librenms/librenms/commit/03c4da62c8acde0a82acbb4a445ae866ebfdd3f7",
"source": "security@huntr.dev"
"source": "security@huntr.dev",
"tags": [
"Patch"
]
},
{
"url": "https://huntr.dev/bounties/1f014494-49a9-4bf0-8d43-a675498b9609",
"source": "security@huntr.dev"
"source": "security@huntr.dev",
"tags": [
"Exploit",
"Patch",
"Third Party Advisory"
]
}
]
}


@ -2,8 +2,8 @@
"id": "CVE-2023-4982",
"sourceIdentifier": "security@huntr.dev",
"published": "2023-09-15T01:15:08.987",
"lastModified": "2023-09-15T12:51:51.373",
"vulnStatus": "Awaiting Analysis",
"lastModified": "2023-09-20T13:13:16.680",
"vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
@ -15,6 +15,28 @@
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "LOW",
"userInteraction": "REQUIRED",
"scope": "CHANGED",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"availabilityImpact": "NONE",
"baseScore": 5.4,
"baseSeverity": "MEDIUM"
},
"exploitabilityScore": 2.3,
"impactScore": 2.7
}
],
"cvssMetricV30": [
{
"source": "security@huntr.dev",
@ -50,14 +72,40 @@
]
}
],
"configurations": [
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:librenms:librenms:*:*:*:*:*:*:*:*",
"versionEndExcluding": "23.9.0",
"matchCriteriaId": "D11631AD-0BBB-4877-B426-D0D036598849"
}
]
}
]
}
],
"references": [
{
"url": "https://github.com/librenms/librenms/commit/2c5960631c49f7414f61b6d4dcd305b07da05769",
"source": "security@huntr.dev"
"source": "security@huntr.dev",
"tags": [
"Patch"
]
},
{
"url": "https://huntr.dev/bounties/d3c2dd8a-883c-400e-a1a7-326c3fd37b9e",
"source": "security@huntr.dev"
"source": "security@huntr.dev",
"tags": [
"Exploit",
"Patch",
"Third Party Advisory"
]
}
]
}


@ -2,19 +2,43 @@
"id": "CVE-2023-4994",
"sourceIdentifier": "security@wordfence.com",
"published": "2023-09-16T02:15:07.990",
"lastModified": "2023-09-17T12:01:04.570",
"vulnStatus": "Awaiting Analysis",
"lastModified": "2023-09-20T13:21:46.067",
"vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
"value": "The Allow PHP in Posts and Pages plugin for WordPress is vulnerable to Remote Code Execution in versions up to, and including, 3.0.4 via the 'php' shortcode. This allows authenticated attackers with subscriber-level permissions or above, to execute code on the server."
},
{
"lang": "es",
"value": "El complemento Allow PHP in Posts and Pages para WordPress es vulnerable a la Ejecuci\u00f3n Remota de C\u00f3digo en versiones hasta la 3.0.4 inclusive a trav\u00e9s del c\u00f3digo corto 'php'. Esto permite a atacantes autenticados con permisos de nivel de suscriptor o superiores ejecutar c\u00f3digo en el servidor."
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "security@wordfence.com",
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:L/I:L/A:N",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "LOW",
"userInteraction": "NONE",
"scope": "CHANGED",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"availabilityImpact": "NONE",
"baseScore": 6.4,
"baseSeverity": "MEDIUM"
},
"exploitabilityScore": 3.1,
"impactScore": 2.7
},
{
"source": "security@wordfence.com",
"type": "Secondary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H",
@ -46,14 +70,38 @@
]
}
],
"configurations": [
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:hitreach:allow_php_in_posts_and_pages:*:*:*:*:*:wordpress:*:*",
"versionEndIncluding": "3.0.4",
"matchCriteriaId": "3D1108BA-DF06-4418-82EE-54449139878D"
}
]
}
]
}
],
"references": [
{
"url": "https://plugins.trac.wordpress.org/browser/allow-php-in-posts-and-pages/trunk/allowphp.php#L373",
"source": "security@wordfence.com"
"source": "security@wordfence.com",
"tags": [
"Patch"
]
},
{
"url": "https://www.wordfence.com/threat-intel/vulnerabilities/id/3d8b4bb6-3715-40c1-8140-7fcf874ccec3?source=cve",
"source": "security@wordfence.com"
"source": "security@wordfence.com",
"tags": [
"Third Party Advisory"
]
}
]
}


@ -2,8 +2,8 @@
"id": "CVE-2023-5001",
"sourceIdentifier": "security@wordfence.com",
"published": "2023-09-16T05:15:45.000",
"lastModified": "2023-09-17T12:00:56.393",
"vulnStatus": "Awaiting Analysis",
"lastModified": "2023-09-20T13:22:48.797",
"vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
@ -17,8 +17,28 @@
"metrics": {
"cvssMetricV31": [
{
"source": "security@wordfence.com",
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "LOW",
"userInteraction": "REQUIRED",
"scope": "CHANGED",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"availabilityImpact": "NONE",
"baseScore": 5.4,
"baseSeverity": "MEDIUM"
},
"exploitabilityScore": 2.3,
"impactScore": 2.7
},
{
"source": "security@wordfence.com",
"type": "Secondary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:L/I:L/A:N",
@ -40,7 +60,7 @@
},
"weaknesses": [
{
"source": "security@wordfence.com",
"source": "nvd@nist.gov",
"type": "Primary",
"description": [
{
@ -48,16 +68,50 @@
"value": "CWE-79"
}
]
},
{
"source": "security@wordfence.com",
"type": "Secondary",
"description": [
{
"lang": "en",
"value": "CWE-79"
}
]
}
],
"configurations": [
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:gopiplus:horizontal_scrolling_announcement:*:*:*:*:*:wordpress:*:*",
"versionEndIncluding": "9.2",
"matchCriteriaId": "3CD67242-2B70-4C47-94E0-6307AC0674A4"
}
]
}
]
}
],
"references": [
{
"url": "https://plugins.trac.wordpress.org/browser/horizontal-scrolling-announcement/trunk/horizontal-scrolling-announcement.php#L389",
"source": "security@wordfence.com"
"source": "security@wordfence.com",
"tags": [
"Patch"
]
},
{
"url": "https://www.wordfence.com/threat-intel/vulnerabilities/id/d4f60e8c-2745-4930-9101-914bd73c6e1c?source=cve",
"source": "security@wordfence.com"
"source": "security@wordfence.com",
"tags": [
"Third Party Advisory"
]
}
]
}


@ -2,15 +2,41 @@
"id": "CVE-2023-5012",
"sourceIdentifier": "cna@vuldb.com",
"published": "2023-09-16T21:15:47.887",
"lastModified": "2023-09-17T12:00:56.393",
"vulnStatus": "Awaiting Analysis",
"lastModified": "2023-09-20T13:24:25.627",
"vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
"value": "A vulnerability, which was classified as problematic, was found in Topaz OFD 2.11.0.201. This affects an unknown part of the file C:\\Program Files\\Topaz OFD\\Warsaw\\core.exe of the component Protection Module Warsaw. The manipulation leads to unquoted search path. Attacking locally is a requirement. The identifier VDB-239853 was assigned to this vulnerability. NOTE: The vendor was contacted early about this disclosure but did not respond in any way."
},
{
"lang": "es",
"value": "Una vulnerabilidad fue encontrada en Topaz OFD 2.11.0.201 y clasificada como problem\u00e1tica. Una parte desconocida del archivo C:\\Program Files\\Topaz OFD\\Warsaw\\core.exe del componente Protection Module Warsaw afecta a una parte desconocida. La manipulaci\u00f3n conduce a una ruta de b\u00fasqueda sin comillas. Es un requisito atacar localmente. A esta vulnerabilidad se le asign\u00f3 el identificador VDB-239853. NOTA: Se contact\u00f3 primeramente con el proveedor sobre esta divulgaci\u00f3n, pero no respondi\u00f3 de ninguna manera."
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"attackVector": "LOCAL",
"attackComplexity": "LOW",
"privilegesRequired": "LOW",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"availabilityImpact": "HIGH",
"baseScore": 7.8,
"baseSeverity": "HIGH"
},
"exploitabilityScore": 1.8,
"impactScore": 5.9
}
],
"cvssMetricV30": [
{
"source": "cna@vuldb.com",
@ -71,14 +97,37 @@
]
}
],
"configurations": [
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:topazevolution:ofd:2.11.0.201:*:*:*:*:*:*:*",
"matchCriteriaId": "3EC9F891-F558-4E0E-8247-F78E6882E1E1"
}
]
}
]
}
],
"references": [
{
"url": "https://vuldb.com/?ctiid.239853",
"source": "cna@vuldb.com"
"source": "cna@vuldb.com",
"tags": [
"Third Party Advisory"
]
},
{
"url": "https://vuldb.com/?id.239853",
"source": "cna@vuldb.com"
"source": "cna@vuldb.com",
"tags": [
"Third Party Advisory"
]
}
]
}


@ -2,15 +2,41 @@
"id": "CVE-2023-5013",
"sourceIdentifier": "cna@vuldb.com",
"published": "2023-09-16T23:15:07.283",
"lastModified": "2023-09-17T12:00:56.393",
"vulnStatus": "Awaiting Analysis",
"lastModified": "2023-09-20T13:26:13.750",
"vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
"value": "A vulnerability has been found in Pluck CMS 4.7.18 and classified as problematic. This vulnerability affects unknown code of the file install.php of the component Installation Handler. The manipulation of the argument contents with the input <script>alert('xss')</script> leads to cross site scripting. The attack can be initiated remotely. The complexity of an attack is rather high. The exploitation appears to be difficult. The exploit has been disclosed to the public and may be used. VDB-239854 is the identifier assigned to this vulnerability."
},
{
"lang": "es",
"value": "Una vulnerabilidad fue encontrada en Pluck CMS 4.7.18 y clasificada como problem\u00e1tica. Esta vulnerabilidad afecta a un c\u00f3digo desconocido del archivo install.php del componente Installation Handler. La manipulaci\u00f3n del contenido del argumento con la entrada conduce a Cross Site Scripting (XSS). El ataque se puede iniciar de forma remota. La complejidad de un ataque es bastante alta. La explotaci\u00f3n parece dif\u00edcil. El exploit ha sido divulgado al p\u00fablico y puede utilizarse. VDB-239854 es el identificador asignado a esta vulnerabilidad."
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "LOW",
"userInteraction": "REQUIRED",
"scope": "CHANGED",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"availabilityImpact": "NONE",
"baseScore": 5.4,
"baseSeverity": "MEDIUM"
},
"exploitabilityScore": 2.3,
"impactScore": 2.7
}
],
"cvssMetricV30": [
{
"source": "cna@vuldb.com",
@ -61,7 +87,7 @@
},
"weaknesses": [
{
"source": "cna@vuldb.com",
"source": "nvd@nist.gov",
"type": "Primary",
"description": [
{
@ -69,20 +95,59 @@
"value": "CWE-79"
}
]
},
{
"source": "cna@vuldb.com",
"type": "Secondary",
"description": [
{
"lang": "en",
"value": "CWE-79"
}
]
}
],
"configurations": [
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:pluck-cms:pluck:4.7.18:-:*:*:*:*:*:*",
"matchCriteriaId": "D1FA72CC-1126-4DC4-8431-997BC8160715"
}
]
}
]
}
],
"references": [
{
"url": "https://github.com/Jacky-Y/vuls/blob/main/vul3.md",
"source": "cna@vuldb.com"
"source": "cna@vuldb.com",
"tags": [
"Exploit",
"Third Party Advisory"
]
},
{
"url": "https://vuldb.com/?ctiid.239854",
"source": "cna@vuldb.com"
"source": "cna@vuldb.com",
"tags": [
"Permissions Required",
"Third Party Advisory"
]
},
{
"url": "https://vuldb.com/?id.239854",
"source": "cna@vuldb.com"
"source": "cna@vuldb.com",
"tags": [
"Permissions Required",
"Third Party Advisory"
]
}
]
}


@ -2,15 +2,41 @@
"id": "CVE-2023-5014",
"sourceIdentifier": "cna@vuldb.com",
"published": "2023-09-17T01:15:34.430",
"lastModified": "2023-09-17T12:00:56.393",
"vulnStatus": "Awaiting Analysis",
"lastModified": "2023-09-20T13:27:12.107",
"vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
"value": "A vulnerability was found in Sakshi2610 Food Ordering Website 1.0 and classified as critical. This issue affects some unknown processing of the file categoryfood.php. The manipulation of the argument id leads to sql injection. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used. The associated identifier of this vulnerability is VDB-239855."
},
{
"lang": "es",
"value": "Una vulnerabilidad fue encontrada en Sakshi2610 Food Ordering Website 1.0 y clasificada como cr\u00edtica. Este problema afecta un procesamiento desconocido del archivo categoryfood.php. La manipulaci\u00f3n del argumento id conduce a la inyecci\u00f3n de SQL. El ataque puede iniciarse de forma remota. El exploit ha sido divulgado al p\u00fablico y puede utilizarse. El identificador asociado de esta vulnerabilidad es VDB-239855."
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"availabilityImpact": "HIGH",
"baseScore": 9.8,
"baseSeverity": "CRITICAL"
},
"exploitabilityScore": 3.9,
"impactScore": 5.9
}
],
"cvssMetricV30": [
{
"source": "cna@vuldb.com",
@ -71,18 +97,46 @@
]
}
],
"configurations": [
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:food_ordering_website_project:food_ordering_website:1.0:*:*:*:*:*:*:*",
"matchCriteriaId": "AB3EFE1A-8824-412F-B361-0BFBE04ED7B9"
}
]
}
]
}
],
"references": [
{
"url": "https://github.com/TheCyberDiver/Public-Disclosures-CVE-/blob/main/Food-Ordering-Website%20SQLi.md",
"source": "cna@vuldb.com"
"source": "cna@vuldb.com",
"tags": [
"Exploit"
]
},
{
"url": "https://vuldb.com/?ctiid.239855",
"source": "cna@vuldb.com"
"source": "cna@vuldb.com",
"tags": [
"Permissions Required",
"Third Party Advisory"
]
},
{
"url": "https://vuldb.com/?id.239855",
"source": "cna@vuldb.com"
"source": "cna@vuldb.com",
"tags": [
"Permissions Required",
"Third Party Advisory"
]
}
]
}


@ -2,15 +2,41 @@
"id": "CVE-2023-5015",
"sourceIdentifier": "cna@vuldb.com",
"published": "2023-09-17T02:15:07.430",
"lastModified": "2023-09-17T12:00:56.393",
"vulnStatus": "Awaiting Analysis",
"lastModified": "2023-09-20T13:27:37.373",
"vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
"value": "A vulnerability was found in UCMS 1.4.7. It has been classified as problematic. Affected is an unknown function of the file ajax.php?do=strarraylist. The manipulation of the argument strdefault leads to cross site scripting. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used. The identifier of this vulnerability is VDB-239856."
},
{
"lang": "es",
"value": "Se encontr\u00f3 una vulnerabilidad en UCMS 1.4.7. Ha sido clasificado como problem\u00e1tico. Una funci\u00f3n desconocida del archivo ajax.php?do=strarraylist es afectada por esta vulnerabilidad. La manipulaci\u00f3n del argumento strdefault conduce a Cross Site Scripting (XSS). Es posible lanzar el ataque de forma remota. El exploit ha sido divulgado al p\u00fablico y puede utilizarse. El identificador de esta vulnerabilidad es VDB-239856."
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "REQUIRED",
"scope": "CHANGED",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"availabilityImpact": "NONE",
"baseScore": 6.1,
"baseSeverity": "MEDIUM"
},
"exploitabilityScore": 2.8,
"impactScore": 2.7
}
],
"cvssMetricV30": [
{
"source": "cna@vuldb.com",
@ -61,7 +87,7 @@
},
"weaknesses": [
{
"source": "cna@vuldb.com",
"source": "nvd@nist.gov",
"type": "Primary",
"description": [
{
@ -69,20 +95,60 @@
"value": "CWE-79"
}
]
},
{
"source": "cna@vuldb.com",
"type": "Secondary",
"description": [
{
"lang": "en",
"value": "CWE-79"
}
]
}
],
"configurations": [
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:ucms_project:ucms:1.4.7:*:*:*:*:*:*:*",
"matchCriteriaId": "5498798F-9AC7-4309-B2E9-90B8959E70F2"
}
]
}
]
}
],
"references": [
{
"url": "https://github.com/Num-Nine/CVE/issues/3",
"source": "cna@vuldb.com"
"source": "cna@vuldb.com",
"tags": [
"Exploit",
"Issue Tracking",
"Third Party Advisory"
]
},
{
"url": "https://vuldb.com/?ctiid.239856",
"source": "cna@vuldb.com"
"source": "cna@vuldb.com",
"tags": [
"Permissions Required",
"Third Party Advisory"
]
},
{
"url": "https://vuldb.com/?id.239856",
"source": "cna@vuldb.com"
"source": "cna@vuldb.com",
"tags": [
"Permissions Required",
"Third Party Advisory"
]
}
]
}


@ -2,15 +2,41 @@
"id": "CVE-2023-5017",
"sourceIdentifier": "cna@vuldb.com",
"published": "2023-09-17T03:15:08.810",
"lastModified": "2023-09-17T12:00:56.393",
"vulnStatus": "Awaiting Analysis",
"lastModified": "2023-09-20T13:27:53.113",
"vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
"value": "A vulnerability was found in lmxcms up to 1.41. It has been rated as critical. Affected by this issue is some unknown functionality of the file admin.php. The manipulation of the argument lid leads to sql injection. VDB-239858 is the identifier assigned to this vulnerability. NOTE: The vendor was contacted early about this disclosure but did not respond in any way."
},
{
"lang": "es",
"value": "Se encontr\u00f3 una vulnerabilidad en lmxcms hasta 1.41. Ha sido calificado como cr\u00edtico. Una funci\u00f3n desconocida del archivo admin.php es afectada por esta vulnerabilidad. La manipulaci\u00f3n del argumento lid conduce a la inyecci\u00f3n de SQL. VDB-239858 es el identificador asignado a esta vulnerabilidad. NOTA: Se contact\u00f3 primeramente al proveedor sobre esta divulgaci\u00f3n, pero no respondi\u00f3 de ninguna manera."
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"availabilityImpact": "HIGH",
"baseScore": 9.8,
"baseSeverity": "CRITICAL"
},
"exploitabilityScore": 3.9,
"impactScore": 5.9
}
],
"cvssMetricV30": [
{
"source": "cna@vuldb.com",
@ -71,14 +97,39 @@
]
}
],
"configurations": [
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:lmxcms:lmxcms:*:*:*:*:*:*:*:*",
"versionEndIncluding": "1.41",
"matchCriteriaId": "B2B6BAFB-3E65-4C05-8723-E0C31792F068"
}
]
}
]
}
],
"references": [
{
"url": "https://vuldb.com/?ctiid.239858",
"source": "cna@vuldb.com"
"source": "cna@vuldb.com",
"tags": [
"Permissions Required",
"Third Party Advisory"
]
},
{
"url": "https://vuldb.com/?id.239858",
"source": "cna@vuldb.com"
"source": "cna@vuldb.com",
"tags": [
"Third Party Advisory"
]
}
]
}


@ -2,15 +2,41 @@
"id": "CVE-2023-5018",
"sourceIdentifier": "cna@vuldb.com",
"published": "2023-09-17T04:15:10.497",
"lastModified": "2023-09-17T12:00:56.393",
"vulnStatus": "Awaiting Analysis",
"lastModified": "2023-09-20T13:26:33.553",
"vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
"value": "A vulnerability classified as critical has been found in SourceCodester Lost and Found Information System 1.0. This affects an unknown part of the file /classes/Master.php?f=save_category of the component POST Parameter Handler. The manipulation of the argument id leads to sql injection. It is possible to initiate the attack remotely. The associated identifier of this vulnerability is VDB-239859."
},
{
"lang": "es",
"value": "Una vulnerabilidad ha sido encontrada en SourceCodester Lost and Found Information System 1.0 y clasificada como cr\u00edtica. Una parte desconocida del archivo /classes/Master.php?f=save_category del componente POST Parameter Handler afecta a una parte desconocida. La manipulaci\u00f3n del argumento id conduce a la inyecci\u00f3n de SQL. Es posible iniciar el ataque de forma remota. El identificador asociado de esta vulnerabilidad es VDB-239859."
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"availabilityImpact": "HIGH",
"baseScore": 9.8,
"baseSeverity": "CRITICAL"
},
"exploitabilityScore": 3.9,
"impactScore": 5.9
}
],
"cvssMetricV30": [
{
"source": "cna@vuldb.com",
@ -71,14 +97,37 @@
]
}
],
"configurations": [
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:oretnom23:lost_and_found_information_system:1.0:*:*:*:*:*:*:*",
"matchCriteriaId": "14CF403B-DF0C-4796-8B10-689075DC8A35"
}
]
}
]
}
],
"references": [
{
"url": "https://vuldb.com/?ctiid.239859",
"source": "cna@vuldb.com"
"source": "cna@vuldb.com",
"tags": [
"Third Party Advisory"
]
},
{
"url": "https://vuldb.com/?id.239859",
"source": "cna@vuldb.com"
"source": "cna@vuldb.com",
"tags": [
"Third Party Advisory"
]
}
]
}


@ -0,0 +1,59 @@
{
"id": "CVE-2023-5042",
"sourceIdentifier": "security@acronis.com",
"published": "2023-09-20T12:15:12.077",
"lastModified": "2023-09-20T12:54:08.697",
"vulnStatus": "Awaiting Analysis",
"descriptions": [
{
"lang": "en",
"value": "Sensitive information disclosure due to insecure folder permissions. The following products are affected: Acronis Cyber Protect Home Office (Windows) before build 40713."
},
{
"lang": "es",
"value": "Divulgaci\u00f3n de informaci\u00f3n sensible debido a permisos de carpetas inseguros. Los siguientes productos se ven afectados: Acronis Cyber ??Protect Home Office (Windows) anterior a la compilaci\u00f3n 40713."
}
],
"metrics": {
"cvssMetricV30": [
{
"source": "security@acronis.com",
"type": "Secondary",
"cvssData": {
"version": "3.0",
"vectorString": "CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N",
"attackVector": "LOCAL",
"attackComplexity": "LOW",
"privilegesRequired": "LOW",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"availabilityImpact": "NONE",
"baseScore": 5.5,
"baseSeverity": "MEDIUM"
},
"exploitabilityScore": 1.8,
"impactScore": 3.6
}
]
},
"weaknesses": [
{
"source": "security@acronis.com",
"type": "Secondary",
"description": [
{
"lang": "en",
"value": "CWE-276"
}
]
}
],
"references": [
{
"url": "https://security-advisory.acronis.com/advisories/SEC-5330",
"source": "security@acronis.com"
}
]
}


@ -9,13 +9,13 @@ Repository synchronizes with the NVD every 2 hours.
### Last Repository Update
```plain
2023-09-20T12:00:25.447690+00:00
2023-09-20T14:00:25.508157+00:00
```
### Most recent CVE Modification Timestamp synchronized with NVD
```plain
2023-09-20T10:49:21.820000+00:00
2023-09-20T13:46:09.607000+00:00
```
### Last Data Feed Release
@ -29,48 +29,50 @@ Download and Changelog: [Click](https://github.com/fkie-cad/nvd-json-data-feeds/
### Total Number of included CVEs
```plain
225888
225894
```
### CVEs added in the last Commit
Recently added CVEs: `4`
Recently added CVEs: `6`
* [CVE-2022-45447](CVE-2022/CVE-2022-454xx/CVE-2022-45447.json) (`2023-09-20T10:15:11.203`)
* [CVE-2023-34047](CVE-2023/CVE-2023-340xx/CVE-2023-34047.json) (`2023-09-20T10:15:14.247`)
* [CVE-2023-4853](CVE-2023/CVE-2023-48xx/CVE-2023-4853.json) (`2023-09-20T10:15:14.947`)
* [CVE-2023-5084](CVE-2023/CVE-2023-50xx/CVE-2023-5084.json) (`2023-09-20T10:15:15.723`)
* [CVE-2022-45448](CVE-2022/CVE-2022-454xx/CVE-2022-45448.json) (`2023-09-20T13:15:11.180`)
* [CVE-2023-5042](CVE-2023/CVE-2023-50xx/CVE-2023-5042.json) (`2023-09-20T12:15:12.077`)
* [CVE-2023-0829](CVE-2023/CVE-2023-08xx/CVE-2023-0829.json) (`2023-09-20T13:15:11.547`)
* [CVE-2023-3341](CVE-2023/CVE-2023-33xx/CVE-2023-3341.json) (`2023-09-20T13:15:11.770`)
* [CVE-2023-43477](CVE-2023/CVE-2023-434xx/CVE-2023-43477.json) (`2023-09-20T13:15:12.047`)
* [CVE-2023-4236](CVE-2023/CVE-2023-42xx/CVE-2023-4236.json) (`2023-09-20T13:15:12.313`)
### CVEs modified in the last Commit
Recently modified CVEs: `45`
Recently modified CVEs: `25`
* [CVE-2023-25530](CVE-2023/CVE-2023-255xx/CVE-2023-25530.json) (`2023-09-20T10:49:13.817`)
* [CVE-2023-25531](CVE-2023/CVE-2023-255xx/CVE-2023-25531.json) (`2023-09-20T10:49:13.817`)
* [CVE-2023-25532](CVE-2023/CVE-2023-255xx/CVE-2023-25532.json) (`2023-09-20T10:49:13.817`)
* [CVE-2023-25533](CVE-2023/CVE-2023-255xx/CVE-2023-25533.json) (`2023-09-20T10:49:13.817`)
* [CVE-2023-25534](CVE-2023/CVE-2023-255xx/CVE-2023-25534.json) (`2023-09-20T10:49:13.817`)
* [CVE-2023-31008](CVE-2023/CVE-2023-310xx/CVE-2023-31008.json) (`2023-09-20T10:49:13.817`)
* [CVE-2023-31009](CVE-2023/CVE-2023-310xx/CVE-2023-31009.json) (`2023-09-20T10:49:13.817`)
* [CVE-2023-38886](CVE-2023/CVE-2023-388xx/CVE-2023-38886.json) (`2023-09-20T10:49:13.817`)
* [CVE-2023-38887](CVE-2023/CVE-2023-388xx/CVE-2023-38887.json) (`2023-09-20T10:49:13.817`)
* [CVE-2023-38888](CVE-2023/CVE-2023-388xx/CVE-2023-38888.json) (`2023-09-20T10:49:13.817`)
* [CVE-2023-31010](CVE-2023/CVE-2023-310xx/CVE-2023-31010.json) (`2023-09-20T10:49:13.817`)
* [CVE-2023-31011](CVE-2023/CVE-2023-310xx/CVE-2023-31011.json) (`2023-09-20T10:49:13.817`)
* [CVE-2023-31012](CVE-2023/CVE-2023-310xx/CVE-2023-31012.json) (`2023-09-20T10:49:13.817`)
* [CVE-2023-31013](CVE-2023/CVE-2023-310xx/CVE-2023-31013.json) (`2023-09-20T10:49:13.817`)
* [CVE-2023-31014](CVE-2023/CVE-2023-310xx/CVE-2023-31014.json) (`2023-09-20T10:49:13.817`)
* [CVE-2023-31015](CVE-2023/CVE-2023-310xx/CVE-2023-31015.json) (`2023-09-20T10:49:13.817`)
* [CVE-2023-4088](CVE-2023/CVE-2023-40xx/CVE-2023-4088.json) (`2023-09-20T10:49:13.817`)
* [CVE-2023-40931](CVE-2023/CVE-2023-409xx/CVE-2023-40931.json) (`2023-09-20T10:49:21.820`)
* [CVE-2023-40932](CVE-2023/CVE-2023-409xx/CVE-2023-40932.json) (`2023-09-20T10:49:21.820`)
* [CVE-2023-40933](CVE-2023/CVE-2023-409xx/CVE-2023-40933.json) (`2023-09-20T10:49:21.820`)
* [CVE-2023-40934](CVE-2023/CVE-2023-409xx/CVE-2023-40934.json) (`2023-09-20T10:49:21.820`)
* [CVE-2023-36319](CVE-2023/CVE-2023-363xx/CVE-2023-36319.json) (`2023-09-20T10:49:21.820`)
* [CVE-2023-39575](CVE-2023/CVE-2023-395xx/CVE-2023-39575.json) (`2023-09-20T10:49:21.820`)
* [CVE-2023-25525](CVE-2023/CVE-2023-255xx/CVE-2023-25525.json) (`2023-09-20T10:49:21.820`)
* [CVE-2023-25526](CVE-2023/CVE-2023-255xx/CVE-2023-25526.json) (`2023-09-20T10:49:21.820`)
* [CVE-2023-39643](CVE-2023/CVE-2023-396xx/CVE-2023-39643.json) (`2023-09-20T13:08:12.390`)
* [CVE-2023-40984](CVE-2023/CVE-2023-409xx/CVE-2023-40984.json) (`2023-09-20T13:08:51.797`)
* [CVE-2023-40985](CVE-2023/CVE-2023-409xx/CVE-2023-40985.json) (`2023-09-20T13:10:52.807`)
* [CVE-2023-40986](CVE-2023/CVE-2023-409xx/CVE-2023-40986.json) (`2023-09-20T13:11:09.520`)
* [CVE-2023-4977](CVE-2023/CVE-2023-49xx/CVE-2023-4977.json) (`2023-09-20T13:11:56.513`)
* [CVE-2023-4978](CVE-2023/CVE-2023-49xx/CVE-2023-4978.json) (`2023-09-20T13:12:24.480`)
* [CVE-2023-4979](CVE-2023/CVE-2023-49xx/CVE-2023-4979.json) (`2023-09-20T13:12:39.107`)
* [CVE-2023-4980](CVE-2023/CVE-2023-49xx/CVE-2023-4980.json) (`2023-09-20T13:12:54.970`)
* [CVE-2023-4981](CVE-2023/CVE-2023-49xx/CVE-2023-4981.json) (`2023-09-20T13:13:02.687`)
* [CVE-2023-4982](CVE-2023/CVE-2023-49xx/CVE-2023-4982.json) (`2023-09-20T13:13:16.680`)
* [CVE-2023-41436](CVE-2023/CVE-2023-414xx/CVE-2023-41436.json) (`2023-09-20T13:14:37.207`)
* [CVE-2023-39612](CVE-2023/CVE-2023-396xx/CVE-2023-39612.json) (`2023-09-20T13:16:36.457`)
* [CVE-2023-39777](CVE-2023/CVE-2023-397xx/CVE-2023-39777.json) (`2023-09-20T13:20:46.513`)
* [CVE-2023-4994](CVE-2023/CVE-2023-49xx/CVE-2023-4994.json) (`2023-09-20T13:21:46.067`)
* [CVE-2023-5001](CVE-2023/CVE-2023-50xx/CVE-2023-5001.json) (`2023-09-20T13:22:48.797`)
* [CVE-2023-41157](CVE-2023/CVE-2023-411xx/CVE-2023-41157.json) (`2023-09-20T13:23:42.447`)
* [CVE-2023-3025](CVE-2023/CVE-2023-30xx/CVE-2023-3025.json) (`2023-09-20T13:24:06.947`)
* [CVE-2023-5012](CVE-2023/CVE-2023-50xx/CVE-2023-5012.json) (`2023-09-20T13:24:25.627`)
* [CVE-2023-5013](CVE-2023/CVE-2023-50xx/CVE-2023-5013.json) (`2023-09-20T13:26:13.750`)
* [CVE-2023-5018](CVE-2023/CVE-2023-50xx/CVE-2023-5018.json) (`2023-09-20T13:26:33.553`)
* [CVE-2023-5014](CVE-2023/CVE-2023-50xx/CVE-2023-5014.json) (`2023-09-20T13:27:12.107`)
* [CVE-2023-5015](CVE-2023/CVE-2023-50xx/CVE-2023-5015.json) (`2023-09-20T13:27:37.373`)
* [CVE-2023-5017](CVE-2023/CVE-2023-50xx/CVE-2023-5017.json) (`2023-09-20T13:27:53.113`)
* [CVE-2023-39638](CVE-2023/CVE-2023-396xx/CVE-2023-39638.json) (`2023-09-20T13:31:28.290`)
* [CVE-2023-32611](CVE-2023/CVE-2023-326xx/CVE-2023-32611.json) (`2023-09-20T13:46:09.607`)
## Download and Usage